CN111371560A - Certificateless fault-tolerant aggregation signature method and system applied to Internet of vehicles - Google Patents

Publication number
CN111371560A
Authority
CN
China
Prior art keywords
signature
fault
tolerant
vehicle
integer division
Legal status
Granted
Application number
CN202010125186.9A
Other languages
Chinese (zh)
Other versions
CN111371560B (en)
Inventor
赵洋
熊虎
但国航
阮安康
黄冀承
谢鑫
张星
Current Assignee
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN202010125186.9A
Publication of CN111371560A
Application granted
Publication of CN111371560B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention discloses a certificateless fault-tolerant aggregation signature method and system applied to the Internet of vehicles. A trusted authority authentication center generates a pseudo identity for each vehicle, and the vehicle interacts under that pseudo identity, hiding its real identity, so as to ensure the privacy and traceability of the vehicle; messages are digitally signed with the fault-tolerant aggregated signature so as to ensure their authenticity and integrity.

Description

Certificateless fault-tolerant aggregation signature method and system applied to Internet of vehicles
Technical Field
The invention relates to the technical field of Internet of vehicles, in particular to a certificateless fault-tolerant aggregation signature method and system applied to the Internet of vehicles.
Background
With the development of wireless communication technology and Internet of Things technology, a mature Internet of vehicles has become increasingly feasible, and in recent years the Internet of vehicles has become a popular research direction. The On-Board Unit (OBU) of a vehicle is placed in the network as a communication terminal, and the vehicle receives and sends messages through it, so that drivers obtain a better driving experience and better services, and traffic management becomes more convenient.
The Internet of vehicles has three important components: the On-Board Unit (OBU) on the vehicle, the Road Side Unit (RSU), and the Trusted Authority (TA), as shown in Fig. 1. The OBU is equivalent to a mobile router: through it, the vehicle can communicate with the RSU without depending on external infrastructure. The storage space and computing capacity of the OBU are limited, vehicles move at high speed and in large numbers, and low-latency communication is also a characteristic of the Internet of vehicles. The RSU acts as an edge node of the vehicle network, because a vehicle sends its information to the RSU to be forwarded to the TA. Finally, the TA, as the authoritative certification center, receives the vehicle information forwarded by the RSU, processes and analyzes this big data, and manages traffic better.
The Internet of vehicles can provide many benefits and can be an important part of future intelligent life, but it also brings potential problems and challenges. For example, an attacker may pin down the identity of a vehicle and track it illegally; an attacker may also modify or replay messages generated by a vehicle, so that the trusted authority authentication center performs a wrong analysis, reaches a wrong conclusion and executes a wrong operation; furthermore, when certain events occur (such as a vehicle violating traffic rules), a malicious user may forge a message or impersonate another party in order to deceive the authoritative certification center and avoid the penalty. Therefore, how to ensure the privacy and traceability of vehicles, ensure the authenticity and integrity of data, and ensure that violation messages are not modified or forged has become a technical problem to be solved urgently.
Disclosure of Invention
The invention aims to provide a certificateless fault-tolerant aggregated signature method and a certificateless fault-tolerant aggregated signature system applied to the Internet of vehicles, so that the privacy and traceability of vehicles can be guaranteed, the authenticity and integrity of data can be guaranteed, and illegal messages are guaranteed not to be modified or forged.
In order to achieve the purpose, the invention provides the following scheme:
a certificateless fault-tolerant aggregation signature method applied to the Internet of vehicles comprises the following steps:
generating a pseudo identity of each vehicle according to the real identity of each vehicle through a trusted authority authentication center, generating a partial private key of each vehicle based on the pseudo identity of each vehicle, and respectively transmitting the partial private key of each vehicle to each vehicle;
generating, by each of the vehicles, a public key and a private key of the vehicle from the partial private key of the vehicle; digitally signing the message to be sent using the public key and the private key to obtain a single signature of the message to be sent by the vehicle, and sending the single signature to a roadside unit;
forming a single signature set by the roadside unit from the received single signatures sent by the vehicles;
carrying out fault-tolerant aggregated signature on the single signature set through the roadside unit to obtain a fault-tolerant aggregated signature set, and sending the fault-tolerant aggregated signature set to a trusted authority authentication center;
and verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the trusted authority authentication center to obtain a verification result of each fault-tolerant aggregated signature.
Optionally, the generating, by the trusted authority authentication center, the pseudo identity of each vehicle according to the real identity of each vehicle, and generating a partial private key of each vehicle based on the pseudo identity of each vehicle specifically include:
according to the real identity $ID_i$ of the i-th vehicle, using the formula
Figure BDA0002394189890000021
determining the pseudo-identity $PID_i$ of the i-th vehicle; wherein $H_1$ is a first hash function, $s_{sec}$ denotes a first random integer, $C_i$ denotes an element of the elliptic curve additive cyclic group, $C_i = c_i P$, $P$ denotes the generator of the elliptic curve additive cyclic group, and $c_i$ denotes a second random integer;
according to the pseudo-identity $PID_i$ of the i-th vehicle, using the formula $h_{2,i} = H_2(PID_i, C_i, t_i)$, calculating a first hash value $h_{2,i}$ of the i-th vehicle; wherein $t_i$ denotes the validity period of the pseudo-identity $PID_i$ and $H_2$ is a second hash function;
according to the first hash value $h_{2,i}$ of the i-th vehicle, using the formula $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$, calculating the integer element $l_i$; $l_i$ is the integer element of the partial private key, i.e. an element of $Z_q^*$, in essence a positive integer, and $Z_q^*$ is the reduced residue system; wherein $q$ denotes the group order of the elliptic curve additive cyclic group;
generating a partial private key containing the pseudo-identity $PID_i$, the validity period $t_i$ of the pseudo-identity $PID_i$, and the integer element $l_i$:
Figure BDA0002394189890000022
Optionally, the performing fault-tolerant aggregated signature on the single signature set by the roadside unit to obtain a fault-tolerant aggregated signature set specifically includes:
constructing a plurality of basic specifications of the uniform set, ordered from largest to smallest, to form a basic specification set;
acquiring the number of single signatures in the single signature set, and setting that number as the initial integer division remainder;
judging, for each basic specification, whether the difference between that basic specification and the integer division remainder is within a preset range, to obtain a first judgment result;
if the first judgment result shows that the difference between the s-th basic specification and the integer division remainder is within the preset range: generating as many virtual single signatures as the difference, to obtain a signature set to be fault-tolerantly aggregated, which comprises as many single signatures from the single signature set as the integer division remainder and as many virtual single signatures as the difference; performing uniform (k, m) set construction on the signature set to be fault-tolerantly aggregated using the s-th basic specification, to obtain a uniform (k, m) set of the s-th basic specification; removing the virtual single signatures from the uniform (k, m) set; and performing fault-tolerant aggregated signature on the uniform (k, m) set after removal, to obtain a first aggregated signature set;
if the first judgment result shows that the difference between each basic specification and the integer division remainder is not within the preset range, integer-dividing the integer division remainder by the t-th basic specification, and updating the values of the integer division quotient and the integer division remainder with the integer division result;
judging whether the integer division quotient is 0, to obtain a second judgment result;
if the second judgment result shows that the integer division quotient is 0, increasing the value of t by 1, and returning to the step "integer-dividing the integer division remainder by the t-th basic specification, and updating the values of the integer division quotient and the integer division remainder with the integer division result";
if the second judgment result shows that the integer division quotient is not 0, performing fault-tolerant aggregated signature, using the t-th basic specification, on as many single signatures of the single signature set as the preceding integer division quotient multiplied by the t-th basic specification, to obtain a second aggregated signature set;
judging whether the integer division remainder is 0, to obtain a third judgment result;
if the third judgment result shows that the integer division remainder is not 0, returning to the step "judging, for each basic specification, whether the difference between that basic specification and the integer division remainder is within a preset range, to obtain a first judgment result";
and if the third judgment result shows that the integer division remainder is 0, outputting the union of the first aggregated signature set and the second aggregated signature set as the fault-tolerant aggregated signature set.
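The batch-planning loop of the steps above, as an added example that is not code from the patent. It assumes that a basic specification is the number of signatures one uniform set holds, that "within a preset range" means 0 <= specification - remainder <= `pad_max`, that the specification needing the fewest virtual signatures is chosen when several qualify, and that a remainder smaller than every specification is padded up to the smallest one (flagged `forced`); the names `plan_batches`, `Batch` and `pad_max` are hypothetical.

```python
"""Batch planning for the roadside unit's fault-tolerant aggregation step."""
from typing import List, NamedTuple


class Batch(NamedTuple):
    spec: int             # basic specification used (assumed: signatures per uniform set)
    real: int             # genuine single signatures placed in this batch
    virtual: int          # virtual single signatures added as padding, removed later
    forced: bool = False  # True only for the fallback that the page does not describe


def plan_batches(n_signatures: int, specs: List[int], pad_max: int) -> List[Batch]:
    """Split n_signatures into batches following the three judgments in the text."""
    if n_signatures < 0 or pad_max < 0 or not specs or min(specs) < 1:
        raise ValueError("need n >= 0, pad_max >= 0 and positive specifications")
    specs = sorted(set(specs), reverse=True)   # basic specification set, large to small
    remainder = n_signatures                   # initial integer division remainder
    t = 0                                      # index of the t-th basic specification
    plan: List[Batch] = []
    while remainder != 0:                      # third judgment: stop at remainder 0
        # First judgment: is some specification within pad_max above the remainder?
        fits = [s for s in specs if 0 <= s - remainder <= pad_max]
        if fits:
            s = min(fits)                      # assumption: fewest virtual signatures
            plan.append(Batch(s, remainder, s - remainder))
            remainder = 0
            continue
        # Otherwise integer-divide by the t-th specification; second judgment:
        # while the quotient is 0, move on to the next (smaller) specification.
        quotient, rest = 0, remainder
        while t < len(specs):
            quotient, rest = divmod(remainder, specs[t])
            if quotient != 0:
                break
            t += 1
        if quotient == 0:
            # Assumed fallback: nothing fits, so pad up to the smallest specification.
            s = specs[-1]
            plan.append(Batch(s, remainder, s - remainder, forced=True))
            remainder = 0
            continue
        # quotient * specs[t] signatures are aggregated with the t-th specification,
        # modelled here as `quotient` full batches with no padding.
        plan.extend(Batch(specs[t], specs[t], 0) for _ in range(quotient))
        remainder = rest
    return plan


if __name__ == "__main__":
    # Constructed inputs: pending signature counts with specifications 64/16/4.
    for n in (100, 79, 1):
        print(n, plan_batches(n, [64, 16, 4], pad_max=2))
```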
Optionally, the generating, by the trusted authority authentication center, the pseudo identity of each vehicle according to the real identity of each vehicle further includes:
and generating a master public key, a master private key and system parameters through the trusted authority authentication center, based on an elliptic curve additive cyclic group.
A certificateless fault-tolerant aggregated signature system for use in the internet of vehicles, the system comprising:
a partial private key generation module, configured to generate, through the trusted authority authentication center, a pseudo identity of each vehicle according to the real identity of each vehicle, generate a partial private key of each vehicle based on the pseudo identity of each vehicle, and transmit the partial private key of each vehicle to the respective vehicle;
a digital signature module, configured to, through each vehicle, generate a public key and a private key of the vehicle according to the partial private key of the vehicle, digitally sign the message to be sent using the public key and the private key to obtain a single signature of the message to be sent by the vehicle, and send the single signature to a roadside unit;
the single signature set acquisition module is used for forming a single signature set by the received single signatures sent by the vehicles through the roadside unit;
the fault-tolerant aggregated signature module is used for carrying out fault-tolerant aggregated signature on the single signature set through the roadside unit to obtain a fault-tolerant aggregated signature set and sending the fault-tolerant aggregated signature set to a trusted authority authentication center;
and the fault-tolerant aggregated signature verification module is used for verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the trusted authority authentication center to obtain a verification result of each fault-tolerant aggregated signature.
Optionally, the module for generating a part of the private key specifically includes:
a pseudo-identity determination submodule, configured to determine, according to the real identity $ID_i$ of the i-th vehicle and using the formula
Figure BDA0002394189890000041
Figure BDA0002394189890000042
the pseudo-identity $PID_i$ of the i-th vehicle; wherein $H_1$ is a first hash function, $s_{sec}$ denotes a first random integer, $C_i$ denotes an element of the elliptic curve additive cyclic group, $C_i = c_i P$, $P$ denotes the generator of the elliptic curve additive cyclic group, and $c_i$ denotes a second random integer;
a first hash value calculation submodule, configured to calculate, according to the pseudo-identity $PID_i$ of the i-th vehicle and using the formula $h_{2,i} = H_2(PID_i, C_i, t_i)$, a first hash value $h_{2,i}$ of the i-th vehicle; wherein $t_i$ denotes the validity period of the pseudo-identity $PID_i$ and $H_2$ is a second hash function;
an integer element calculation submodule, configured to calculate, according to the first hash value $h_{2,i}$ of the i-th vehicle and using the formula $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$, the integer element $l_i$; $l_i$ is an element of $Z_q^*$, and $Z_q^*$ is the reduced residue system; wherein $q$ denotes the group order of the elliptic curve additive cyclic group;
a partial private key generation submodule, configured to generate a partial private key containing the pseudo-identity $PID_i$, the validity period $t_i$ of the pseudo-identity $PID_i$, and the integer element $l_i$:
Figure BDA0002394189890000043
Optionally, the fault-tolerant aggregation signature module specifically includes:
the basic specification construction submodule is used for constructing a plurality of basic specifications of the uniform set according to the sequence from big to small to form a basic specification set;
the single signature number acquisition submodule is used for acquiring the number of single signatures in a single signature set and setting the number of the single signatures as an initial integer division remainder;
the first judgment submodule is used for respectively judging whether the difference value of each basic specification and the integer division remainder is within a preset range to obtain a first judgment result;
the first fault-tolerant aggregation signature submodule is used for, if the first judgment result shows that the difference between the s-th basic specification and the integer division remainder is within the preset range: generating as many virtual single signatures as the difference, to obtain a signature set to be fault-tolerantly aggregated, which comprises as many single signatures from the single signature set as the integer division remainder and as many virtual single signatures as the difference; performing uniform (k, m) set construction on the signature set to be fault-tolerantly aggregated using the s-th basic specification, to obtain a uniform (k, m) set of the s-th basic specification; removing the virtual single signatures from the uniform (k, m) set; and performing fault-tolerant aggregated signature on the uniform (k, m) set after removal, to obtain a first aggregated signature set;
an integer division submodule, configured to, if the first judgment result shows that the difference between each basic specification and the integer division remainder is not within the preset range, integer-divide the integer division remainder by the t-th basic specification, and update the values of the integer division quotient and the integer division remainder with the integer division result;
the second judgment submodule is used for judging whether the integer division quotient is 0, to obtain a second judgment result;
a first returning submodule, configured to, if the second judgment result shows that the integer division quotient is 0, increase the value of t by 1 and return to the step "integer-divide the integer division remainder by the t-th basic specification, and update the values of the integer division quotient and the integer division remainder with the integer division result";
the second fault-tolerant aggregated signature submodule is used for, if the second judgment result shows that the integer division quotient is not 0, performing fault-tolerant aggregated signature, using the t-th basic specification, on as many single signatures of the single signature set as the preceding integer division quotient multiplied by the t-th basic specification, to obtain a second aggregated signature set;
the third judgment submodule is used for judging whether the integer division remainder is 0 or not to obtain a third judgment result;
a second returning submodule, configured to, if the third determination result indicates that the integer division remainder is not 0, return to the step "respectively determine whether a difference between each of the basic specifications and the integer division remainder is within a preset range, so as to obtain a first determination result";
and the fault-tolerant aggregated signature set output submodule is used for outputting the union of the first aggregated signature set and the second aggregated signature set as a fault-tolerant aggregated signature set if the third judgment result shows that the integer division remainder is 0.
Optionally, the system further includes:
and an initialization module, configured to generate a master public key, a master private key and system parameters based on an elliptic curve additive cyclic group through the trusted authority authentication center.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention provides a certificateless fault-tolerant aggregation signature method and system applied to the Internet of vehicles. The method comprises the following steps: generating a pseudo identity of each vehicle according to the real identity of each vehicle through a trusted authority authentication center, and generating a partial private key of each vehicle based on the pseudo identity of each vehicle; generating, by each of the vehicles, a public key and a private key of the vehicle from the partial private key of the vehicle; digitally signing the message to be sent using the public key and the private key to obtain a single signature of the message to be sent by the vehicle; forming, by the roadside unit, a single signature set from the received single signatures sent by the vehicles, and carrying out fault-tolerant aggregated signature on the single signature set to obtain a fault-tolerant aggregated signature set; and verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the trusted authority authentication center to obtain a verification result of each fault-tolerant aggregated signature. The invention generates the pseudo identity of the vehicle through the trusted authority authentication center, and the vehicle interacts under the pseudo identity, hiding its real identity, so as to ensure the privacy and traceability of the vehicle; the authenticity and integrity of messages are ensured by carrying out fault-tolerant aggregated signature and verification on the single signatures of the messages; and the fault-tolerant aggregated signature reduces bandwidth pressure and the computation overhead required for signature verification.
In addition, the invention adopts a fault-tolerant aggregated signature method that introduces virtual single signatures, so that when verification of the aggregated signatures cannot completely pass, part of the valid single signatures can still be identified, ensuring that most valid digital signatures pass verification. This avoids the technical defect of the prior art, in which n single signatures are aggregated into one aggregated signature and, if verification of that aggregated signature fails, an invalid signature exists among the n single signatures and the n single signatures cannot be verified and are rejected.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic view of the Internet of vehicles provided by the present invention;
FIG. 2 is a flowchart of a certificateless fault-tolerant aggregation signature method applied to the Internet of vehicles according to the present invention;
FIG. 3 is a schematic diagram illustrating a certificate-free fault-tolerant aggregation signature method applied to the Internet of vehicles according to the present invention;
FIG. 4 is a schematic diagram of a basic specification interval provided by the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a certificateless fault-tolerant aggregated signature method and a certificateless fault-tolerant aggregated signature system applied to the Internet of vehicles, so that the privacy and traceability of vehicles can be guaranteed, the authenticity and integrity of data can be guaranteed, and illegal messages are guaranteed not to be modified or forged.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
In order to achieve the purpose, the invention provides a certificateless fault-tolerant aggregation signature method applied to the Internet of vehicles. The method as shown in fig. 2 and 3 comprises the following steps:
generating a master public key, a master private key and system parameters based on an elliptic curve additive cyclic group through the trusted authority authentication center, namely initialization $(1^{\gamma}) \to (spm, s_{sec})$. This method is executed by the Trusted Authority authentication center (TA). Given the system security parameter $\gamma$, the TA performs initialization. Based on an elliptic curve, the TA selects an additive cyclic group $G$ whose generator is $P$ and whose order is a prime number $q$. The TA then selects a random number $s_{sec} \in Z_q^*$ as the master private key and calculates the master public key $S_{pub} = s_{sec} P$. Then the TA selects three hash functions $H_1: G \to Z_q^*$, $H_2: \{0,1\}^* \times G \times \{0,1\}^* \to Z_q^*$, $H_3: G \times G \times \{0,1\}^* \times \{0,1\}^* \times \{0,1\}^* \to Z_q^*$, where $Z_q^*$ is the reduced residue system and $\{0,1\}^*$ denotes non-empty binary strings of arbitrary length. Finally, the TA publishes the system parameters $spm = (H_1, H_2, H_3, G, P, q, S_{pub})$, where $H_1$, $H_2$, $H_3$ denote the first, second and third hash functions respectively.
Here the elliptic curve additive cyclic group $G$ is defined as follows: given a field $F_p$, where $p$ is a prime number, a set $EC$ of elliptic curve points is defined over $F_p$, and the coordinates of these points satisfy $y^2 = (x^3 + ax + b) \bmod q$, where $a, b$ are constants in $F_p$ and $(4a^3 + 27b^2) \bmod p \neq 0$. Let the point at infinity be $O$; $EC$ and $O$ form the elliptic curve additive cyclic group $G$, whose order is $q$ and whose generator is $P$.
Step 201, generating a pseudo identity of each vehicle according to the real identity of each vehicle through a trusted authority authentication center, generating a partial private key of each vehicle based on the pseudo identity of each vehicle, and transmitting the partial private key of each vehicle to each vehicle respectively.
Generating a partial private key $(ID_i, s_{sec}, t_i) \to (PID_i, t_i, l_i, C_i)$. This method is performed by the TA. The real identities of the vehicles in the system are pre-stored in the TA, with $ID_i$ representing vehicle $u_i$. The TA selects a random number $c_i \in Z_q^*$, sets $C_i = c_i P$, and calculates the pseudo-identity of vehicle $u_i$
Figure BDA0002394189890000071
Figure BDA0002394189890000072
The TA then calculates the hash value $h_{2,i} = H_2(PID_i, C_i, t_i)$, where $t_i$ denotes the validity period of the pseudo-identity $PID_i$, and calculates $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$. Finally,
Figure BDA0002394189890000073
is sent as the partial private key to vehicle $u_i$ through a secure channel. The vehicle interacts under the pseudo-identity, which hides the real identity of the vehicle, but the TA can use the pseudo-identity $PID_i$ to calculate the real identity $ID_i$ of the vehicle, i.e. the TA can trace the vehicle.
Step 202, generating a public key and a private key of a vehicle according to a part of private keys of the vehicles by each vehicle; and digitally signing the message to be sent by using the public key and the private key to obtain a single signature of the message to be sent by the vehicle, and sending the single signature to the roadside unit.
Generating vehicle key pairs
Figure BDA0002394189890000081
The method is performed by a vehicle. Vehicle uiUpon receiving a partial private key from a TA
Figure BDA0002394189890000082
first verifies the correctness of the partial private key. $u_i$ computes the hash $h_{2,i} = H_2(PID_i, C_i, t_i)$. If the equation $l_i P = C_i + h_{2,i} S_{pub}$ holds, the partial private key is correct and execution continues; if the equation does not hold, the partial private key is incorrect and $u_i$ refuses to accept it. Then $u_i$ selects a random number $v_i \in Z_q^*$, calculates $V_i = v_i P$, and sets the public key to
Figure BDA0002394189890000083
The private key is
Figure BDA0002394189890000084
Generating a single digital signature
Figure BDA0002394189890000085
The method is performed by a vehicle. Given a message $m_i$ and the current latest time $t_{s,i}$ (corresponding to the validity start time of the pseudo-identity $PID_i$), vehicle $u_i$ calculates the hash value $h_{3,i} = H_3(V_i, C_i, PID_i, m_i, t_{s,i})$. Then $u_i$ selects a random number $z_i \in Z_q^*$, calculates $Z_i = z_i P$ and $\beta_i = [h_{3,i} v_i + z_i + l_i] \bmod q$, and takes $\sigma_i = (\beta_i, Z_i)$ as the digital signature. Finally, $u_i$ sends
Figure BDA0002394189890000086
to the roadside unit (RSU) to which it belongs.
Step 203, the roadside unit forms a single signature set from the received single signatures sent by the vehicles.
Step 204, carrying out fault-tolerant aggregated signature on the single signature set by the roadside unit to obtain a fault-tolerant aggregated signature set, and sending the fault-tolerant aggregated signature set to a trusted authority authentication center;
Step 204, in which the roadside unit performs fault-tolerant aggregated signature on the single signature set to obtain a fault-tolerant aggregated signature set, specifically includes:
constructing a plurality of basic specifications of a uniform set according to the sequence from big to small to form a basic specification set;
acquiring the number of single signatures in the single signature set, and setting the number of the single signatures as an initial integer division remainder;
respectively judging whether the difference value of each basic specification and the integer division remainder is within a preset range to obtain a first judgment result;
if the first judgment result shows that the difference value between the s-th basic specification and the integer division remainder is within the preset range, generating virtual single signatures equal in number to the difference value, obtaining a signature set to be subjected to fault-tolerant aggregation that comprises the single signatures, equal in number to the integer division remainder, in the single signature set together with those virtual single signatures, performing uniform (k, m) set construction on the signature set to be subjected to fault-tolerant aggregation by using the s-th basic specification to obtain a uniform (k, m) set of the s-th basic specification, removing the virtual single signatures in the uniform (k, m) set, and performing fault-tolerant aggregated signature on the uniform (k, m) set after removal to obtain a first aggregated signature set;
if the first judgment result shows that the difference value between each basic specification and the integer division remainder is not within the preset range, utilizing the integer division remainder to divide the t-th basic specification in an integer way, and utilizing the integer division result to update the numerical values of the integer division quotient and the integer division remainder;
judging whether the integer division quotient is 0 or not to obtain a second judgment result;
if the second judgment result shows that the integer division quotient is 0, increasing the numerical value of t by 1, and returning to the step of "dividing the t-th basic specification by the integer division remainder and updating the numerical values of the integer division quotient and the integer division remainder by the integer division result";
if the second judgment result shows that the integer division quotient is not 0, performing fault-tolerant aggregated signature, by using the t-th basic specification, on the first single signatures in the single signature set whose number equals the integer division quotient multiplied by the t-th basic specification, to obtain a second aggregated signature set; for example, if the integer division quotient is 3, the first single signatures whose number equals 3 multiplied by the t-th basic specification are divided into three parts, and each part is aggregated by using the t-th basic specification;
judging whether the integer division remainder is 0 or not to obtain a third judgment result;
if the third judgment result shows that the integer division remainder is not 0, returning to the step of "respectively judging whether the difference value between each basic specification and the integer division remainder is within a preset range to obtain a first judgment result";
and if the third judgment result shows that the integer division remainder is 0, outputting a union of the first aggregated signature set and the second aggregated signature set as the fault-tolerant aggregated signature set, wherein the fault-tolerant aggregated signature set comprises all the first aggregated signature sets and all the second aggregated signature sets generated over the iterations.
Specifically, a fault-tolerant aggregate signature $(D) \rightarrow (E)$ is generated. This method is performed by the RSU. Given x single signatures $X = \{\sigma_1, \sigma_2, \dots, \sigma_x\}$, produced by x vehicles $\{u_1, u_2, \dots, u_x\}$ signing x messages $\{m_1, m_2, \dots, m_x\}$, and assuming $\sigma_i \in X$ with $\sigma_i = (\beta_i, Z_i)$, aggregating the x single signatures yields the aggregated signature
Figure BDA0002394189890000091
Now, let n vehicles sign n messages to obtain n single signatures $D = \{\sigma_1, \sigma_2, \dots, \sigma_n\}$ and send the n signatures to the RSU; the RSU needs to use the uniform (k, m) set method to construct a fault-tolerant aggregated signature. For a variable n, choosing the two parameters k and m of a uniform (k, m) set becomes a very cumbersome task, where
Figure BDA0002394189890000092
m and k are positive integers, that is, the k and m in the concept of a uniform (k, m) set. The solution of the present invention is therefore as follows.
According to the number of vehicles served by the RSU in the actual scenario, a suitable set of basic specifications is first selected. The invention selects, but is not limited to,
Figure BDA0002394189890000093
Figure BDA0002394189890000094
① If n belongs to a black open interval in FIG. 4, some virtual single signatures are temporarily added to the set D to form a new set $D^*$, so that the size of $D^*$ reaches a nearby basic specification. A uniform (k, m) set B of $D^*$ is then constructed; B contains m elements (sets). All virtual single signatures are removed from these m elements to form a new set $B^*$; suppose $B^*$ has x elements. Finally, each element of $B^*$ is aggregated separately, forming x aggregated signatures. For example, if n is 110, then 10 virtual single signatures are temporarily added to the set D to form the set $D^*$, giving
Figure BDA0002394189890000101
Therefore, the constructed uniform (4, 10) set comprises 10 elements, then 10 virtual single signatures in the uniform set are removed to form a new set, and finally each element in the new set is respectively aggregated to generate 10 aggregated signatures.
② If n does not belong to a black open interval in FIG. 4, an array shang of length 7 is given with initial state {0,0,0,0,0,0,0}, and the following is performed starting from the highest specification: n is integer-divided by the basic specification and the quotient $S_i$ is stored in the array shang, where $S_i$ denotes the integer quotient for the i-th specification. If the quotient $S_i$ is not 0 and the remainder is 0, then n is exactly a multiple of the current specification; if $S_i$ is not 0 and the remainder is not 0, the remainder is taken as n and steps ① and ② are repeated; if $S_i$ is 0 and the remainder is not 0, the current specification is lowered by one level and ② is executed again.
Finally, the result of executing ② is an array shang $= \{S_1, S_2, S_3, S_4, S_5, S_6, S_7\}$, which may contain zeros. Assuming the non-zero elements of the array are $S_j$, the uniform sets corresponding to $S_j$ are constructed according to the specification corresponding to $S_j$ and aggregated signatures are then generated; together with the result of executing ①, several aggregated signatures are obtained. The combination of these aggregated signatures is called the fault-tolerant aggregated signature, denoted E, and the results of executing ① and ② are sent to the TA.
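For example: let $n = 29$, with n single signatures $\{\sigma_1, \sigma_2, \dots, \sigma_{29}\}$. Since 29 does not belong to a black open interval, ② is executed. Starting from the highest specification, 29/330 is 0 with remainder 29, so the specification is reduced to 210; 29/210 is 0 with remainder 29; reducing further, 29/20 is 1 with remainder 9, i.e. the quotient is not 0 and the remainder is not 0. At this point shang $= \{0,0,0,0,0,1,0\}$ and $n = 9$, and ① and ② are repeated. 9 belongs to a black open interval, so ① is executed: a virtual single signature $\sigma_{30}$ is added so that $n = 10$, and a uniform (3, 5) set $(IB_7, IB_8, IB_9, IB_{10}, IB_{11})$ is constructed. The virtual single signature is then removed from the uniform set to form a new set $(B_7, B_8, B_9, B_{10}, B_{11})$, and each element of the new set is aggregated separately to generate 5 aggregated signatures. The uniform (3, 5) set and the new set obtained by removing the virtual single signature are as follows:
$IB_7 = (\sigma_{25}, \sigma_{26}, \sigma_{27}, \sigma_{28}, \sigma_{29}, \sigma_{30}) \rightarrow B_7 = (\sigma_{25}, \sigma_{26}, \sigma_{27}, \sigma_{28}, \sigma_{29})$
$IB_8 = (\sigma_{22}, \sigma_{23}, \sigma_{24}, \sigma_{28}, \sigma_{29}, \sigma_{30}) \rightarrow B_8 = (\sigma_{22}, \sigma_{23}, \sigma_{24}, \sigma_{28}, \sigma_{29})$
$IB_9 = (\sigma_{21}, \sigma_{23}, \sigma_{24}, \sigma_{26}, \sigma_{27}, \sigma_{30}) \rightarrow B_9 = (\sigma_{21}, \sigma_{23}, \sigma_{24}, \sigma_{26}, \sigma_{27})$
$IB_{10} = (\sigma_{21}, \sigma_{22}, \sigma_{24}, \sigma_{25}, \sigma_{27}, \sigma_{29}) \rightarrow B_{10} = (\sigma_{21}, \sigma_{22}, \sigma_{24}, \sigma_{25}, \sigma_{27}, \sigma_{29})$
$IB_{11} = (\sigma_{21}, \sigma_{22}, \sigma_{23}, \sigma_{25}, \sigma_{26}, \sigma_{28}) \rightarrow B_{11} = (\sigma_{21}, \sigma_{22}, \sigma_{23}, \sigma_{25}, \sigma_{26}, \sigma_{28})$
Then, from shang $= \{0,0,0,0,0,1,0\}$, a uniform (4, 6) set can be constructed and 6 aggregated signatures generated. The uniform (4, 6) set is as follows:
$B_1 = (\sigma_{11}, \sigma_{12}, \sigma_{13}, \sigma_{14}, \sigma_{15}, \sigma_{16}, \sigma_{17}, \sigma_{18}, \sigma_{19}, \sigma_{20})$,
$B_2 = (\sigma_5, \sigma_6, \sigma_7, \sigma_8, \sigma_9, \sigma_{10}, \sigma_{17}, \sigma_{18}, \sigma_{19}, \sigma_{20})$,
$B_3 = (\sigma_2, \sigma_3, \sigma_4, \sigma_8, \sigma_9, \sigma_{10}, \sigma_{14}, \sigma_{15}, \sigma_{16}, \sigma_{20})$,
$B_4 = (\sigma_1, \sigma_3, \sigma_4, \sigma_6, \sigma_7, \sigma_{10}, \sigma_{12}, \sigma_{13}, \sigma_{16}, \sigma_{19})$,
$B_5 = (\sigma_1, \sigma_2, \sigma_4, \sigma_5, \sigma_7, \sigma_9, \sigma_{11}, \sigma_{13}, \sigma_{15}, \sigma_{18})$,
$B_6 = (\sigma_1, \sigma_2, \sigma_3, \sigma_5, \sigma_6, \sigma_8, \sigma_{11}, \sigma_{12}, \sigma_{14}, \sigma_{17})$.
At this point the fault-tolerant aggregated signature E (11 aggregated signatures) has been generated. Assuming that aggregating $B_i$ (i an integer in [1, 11]) produces the aggregated signature $\varepsilon_i$, then $E = \{\varepsilon_1, \varepsilon_2, \dots, \varepsilon_{11}\}$.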
Here, the concept of a uniform (k, m) set is as follows: given two sets $D = \{\sigma_i \mid 1 \le i \le n,\ i, n \in Z_n\}$ and $B = \{B_j \mid 1 \le j \le m,\ j, m \in Z_n\}$, where $Z_n$ is the set of natural numbers, and
Figure BDA0002394189890000111
$B_1 \cup B_2 \cup \dots \cup B_m = D$. The set B is a uniform (k, m) set of the set D if and only if the following conditions are satisfied:
$|B_1| = |B_2| = \dots = |B_m|$,
the union of any k elements in the set B is equal to the set D,
the union of any k-1 elements in the set B is always missing one element of the set D.
The method for constructing a uniform (k, m) set of the set D is as follows. Because of the practical requirements of the invention, only the following case is considered:
Figure BDA0002394189890000112
Given $D = \{\sigma_i \mid 1 \le i \le n,\ i, n \in Z_n\}$, let a set $B = \{B_j \mid 1 \le j \le m,\ j, m \in Z_n\}$,
Figure BDA0002394189890000113
Then n groups $W_1, W_2, \dots, W_n$ can be created, each group containing k-1 elements of the set B. Suppose $W_b$ is the b-th group, $b = 1, 2, \dots, n$, and
Figure BDA0002394189890000114
wherein
Figure BDA0002394189890000115
are all elements of the set B. The following conditions also need to be satisfied:
$|B_1| = |B_2| = \dots = |B_m|$,
for any integers i and j with $i \neq j$ and $i, j \in [1, n]$, $W_i \neq W_j$,
for any integers i and b in [1, n] with $i \neq b$, $\sigma_i \in W_i$ and
Figure BDA0002394189890000116
Figure BDA0002394189890000121
Finally, the set $\{B_1, B_2, \dots, B_m\}$ is a uniform (k, m) set of the set D, and the number of elements contained in each element $B_j$ of the set B is
Figure BDA0002394189890000122
An example illustrates this: given $D = \{\sigma_1, \sigma_2, \sigma_3, \sigma_4, \sigma_5, \sigma_6\}$, first select $k = 3$, $m = 4$,
Figure BDA0002394189890000123
Thus, for the set $B = \{B_1, B_2, B_3, B_4\}$, 6 groups can be created:
W1=B1∪B2,
W2=B1∪B3,
W3=B1∪B4,
W4=B2∪B3,
W5=B2∪B4,
W6=B3∪B4,
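and, since $B_1$ is in $W_1, W_2, W_3$, it must not contain $\sigma_1, \sigma_2, \sigma_3$ but must contain $\sigma_4, \sigma_5, \sigma_6$; thus $B_1 = \{\sigma_4, \sigma_5, \sigma_6\}$. Similarly, the following can be obtained:
$B_1 = \{\sigma_4, \sigma_5, \sigma_6\}$,
$B_2 = \{\sigma_2, \sigma_3, \sigma_6\}$,
$B_3 = \{\sigma_1, \sigma_3, \sigma_5\}$,
$B_4 = \{\sigma_1, \sigma_2, \sigma_4\}$.
Finally, the set B, a uniform (k, m) set of the set D, has been constructed.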
Step 205, verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the trusted authority certificate authority to obtain a verification result of each fault-tolerant aggregated signature.
Verifying the fault-tolerant aggregated signature. This method is performed by the TA. Given the fault-tolerant aggregated signature $E = \{\varepsilon_1, \varepsilon_2, \dots, \varepsilon_m\}$, the TA verifies each aggregated signature $\varepsilon_i$ (i an integer in [1, m]) in E in turn. The number of single signatures aggregated in each aggregated signature is not necessarily the same. Assume $\varepsilon_i$ is aggregated from w single signatures $\{\sigma_1, \sigma_2, \dots, \sigma_w\}$, with $\sigma_j = (\beta_j, Z_j)$ for j an integer in [1, w]. If the following equation holds,
Figure BDA0002394189890000124
then the aggregated signature $\varepsilon_i$ is valid, which means that all w single signatures are valid; if the equation does not hold, then $\varepsilon_i$ is invalid, indicating that there is an invalid signature among the w single signatures. Finally, m verification results are produced; these m results can identify invalid digital signatures to a certain extent and ensure that most valid digital signatures can be verified. It can be seen that the fault-tolerant aggregated signature of the present invention can ensure that most valid data signatures can be verified.
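The partial-key check of step 202, the single signature, and the aggregate check of step 205 can be run end to end. The following is an added example, not code from the patent: it assumes secp256k1 as the curve, SHA-256 for $H_2$ and $H_3$, an opaque string for $PID_i$, and an aggregate of the form (sum of $\beta_i$ mod q, sum of $Z_i$), because the page's own pseudo-identity, aggregation and verification formulas survive only as figure placeholders; the verification equation used is the one that follows from $\beta_i = [h_{3,i} v_i + z_i + l_i] \bmod q$ and $l_i P = C_i + h_{2,i} S_{pub}$.

```python
import hashlib
import secrets

# Stand-in curve for this example: secp256k1 (prime field p, prime group order q).
p = 2**256 - 2**32 - 977
a, b = 0, 7
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity

def add(A, B):
    """Add two points of the group G."""
    if A is O:
        return B
    if B is O:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return O
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):
    """Scalar multiplication k*A by double-and-add (not constant time)."""
    R, k = O, k % q
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def rand_scalar():
    return secrets.randbelow(q - 1) + 1          # uniform in Z_q^*

def H(tag, *parts):
    """Hash to Z_q; the tag separates H2 from H3 (SHA-256 is an assumption)."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        data = repr(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % q

def ta_partial_key(s_sec, pid, t):
    """TA: C_i = c_i*P and l_i = (s_sec*h2 + c_i) mod q."""
    c = rand_scalar()
    C = mul(c, P)
    return (s_sec * H("H2", pid, C, t) + c) % q, C

def check_partial_key(l, C, pid, t, S_pub):
    """Vehicle: accept the partial key only if l_i*P == C_i + h2*S_pub."""
    return mul(l, P) == add(C, mul(H("H2", pid, C, t), S_pub))

def sign(v, V, l, C, pid, m, ts):
    """Vehicle: sigma_i = (beta_i, Z_i), beta_i = (h3*v_i + z_i + l_i) mod q."""
    z = rand_scalar()
    beta = (H("H3", V, C, pid, m, ts) * v + z + l) % q
    return beta, mul(z, P)

def aggregate(sigs):
    """Assumed aggregate form: (sum of beta_i mod q, sum of Z_i)."""
    Z = O
    for _, Zi in sigs:
        Z = add(Z, Zi)
    return sum(beta for beta, _ in sigs) % q, Z

def verify_aggregate(agg, records, S_pub):
    """Check beta*P == Z + sum_i (h3_i*V_i + C_i + h2_i*S_pub) over public data."""
    beta, rhs = agg
    for V, C, pid, t, m, ts in records:
        rhs = add(rhs, mul(H("H3", V, C, pid, m, ts), V))
        rhs = add(rhs, add(C, mul(H("H2", pid, C, t), S_pub)))
    return mul(beta, P) == rhs

def demo(n=3):
    """Full flow for n vehicles; identities, messages and times are constructed."""
    s_sec = rand_scalar()
    S_pub = mul(s_sec, P)                        # master public key
    records, sigs = [], []
    for i in range(n):
        pid, t = f"PID-{i}", "valid-24h"         # opaque pseudo-identity, validity
        l, C = ta_partial_key(s_sec, pid, t)
        assert check_partial_key(l, C, pid, t, S_pub)
        v = rand_scalar()
        V = mul(v, P)
        m, ts = f"lane change, vehicle {i}", 1582761600 + i
        records.append((V, C, pid, t, m, ts))
        sigs.append(sign(v, V, l, C, pid, m, ts))
    good = verify_aggregate(aggregate(sigs), records, S_pub)
    forged = list(sigs)
    forged[1] = ((sigs[1][0] + 1) % q, sigs[1][1])   # one bad single signature
    bad = verify_aggregate(aggregate(forged), records, S_pub)
    return good, bad
```

A single altered $\beta_i$ makes the whole aggregate fail, which is the behaviour the fault-tolerant construction is designed to contain.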
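The example above is used again for illustration. The fault-tolerant aggregated signature is $E = \{\varepsilon_1, \varepsilon_2, \dots, \varepsilon_{11}\}$, where the elements of E are aggregated from $B_1, B_2, \dots, B_{11}$ respectively, and verifying the fault-tolerant aggregated signature yields 11 results. If only $\varepsilon_9, \varepsilon_{10}, \varepsilon_{11}$ are invalid, then it must be the single signature $\sigma_{21}$ that is invalid, and the remaining 28 single signatures must be valid (i.e., 28 signatures are verified). If only $\varepsilon_8, \varepsilon_9, \varepsilon_{10}, \varepsilon_{11}$ are invalid, the invention cannot determine which individual signatures are invalid, but can ensure that the single signatures corresponding to $\varepsilon_1, \varepsilon_2, \varepsilon_3, \varepsilon_4, \varepsilon_5, \varepsilon_6, \varepsilon_7, \varepsilon_8$ ($\sigma_1, \sigma_2, \dots, \sigma_{20}, \sigma_{25}, \sigma_{26}, \sigma_{27}, \sigma_{28}, \sigma_{29}$) must be valid.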
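The uniform (k, m) set construction and the fault-location reasoning of this example can be reproduced in code. The following is an added example, not code from the patent: the function names are hypothetical, the groups $W_b$ are enumerated in lexicographic order (an assumption that reproduces the sets printed on the page), and verification is modelled by a set of known-invalid signatures rather than by real cryptography.

```python
from itertools import combinations


def uniform_set(k, m, first=1):
    """Uniform (k, m) set over signature indices first .. first + C(m, k-1) - 1.

    The b-th group W_b is the b-th (k-1)-subset of {B_1..B_m} in lexicographic
    order; signature b is left out of the k-1 members of W_b and put in the rest.
    """
    blocks = [set() for _ in range(m)]
    for b, group in enumerate(combinations(range(m), k - 1)):
        for j in range(m):
            if j not in group:
                blocks[j].add(first + b)
    return blocks


def is_uniform(blocks, k):
    """Check the three defining conditions of a uniform (k, m) set."""
    D = set().union(*blocks)
    equal_size = len({len(B) for B in blocks}) == 1
    k_cover = all(set().union(*c) == D for c in combinations(blocks, k))
    k1_miss = all(len(D - set().union(*c)) == 1
                  for c in combinations(blocks, k - 1))
    return equal_size and k_cover and k1_miss


def page_example():
    """B_1..B_11 of the n = 29 example: a (4, 6) set on sigma_1..sigma_20 plus
    a (3, 5) set on sigma_21..sigma_30 with the virtual sigma_30 removed."""
    padded = uniform_set(3, 5, first=21)
    return uniform_set(4, 6, first=1) + [B - {30} for B in padded]


def verify_all(blocks, invalid):
    """Model of TA verification: epsilon_j passes iff B_j has no invalid member."""
    return [not (B & invalid) for B in blocks]


def locate(blocks, results):
    """Return (verified, suspects, proven_invalid) from per-aggregate results."""
    everything = set().union(*blocks)
    verified = set().union(*[B for B, ok in zip(blocks, results) if ok])
    suspects = everything - verified
    proven = set()
    for B, ok in zip(blocks, results):
        left = B & suspects
        if not ok and len(left) == 1:   # only one signature can explain the failure
            proven |= left
    return verified, suspects, proven
```

With `locate(page_example(), verify_all(page_example(), {21}))` the only proven-invalid signature is 21 and 28 signatures are verified; a result pattern in which aggregates 8 to 11 fail leaves four suspects and proves none.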
The invention also provides a certificateless fault-tolerant aggregation signature system applied to the Internet of vehicles, which comprises:
and the initialization module is used for generating a main public key, a main private key and system parameters based on the elliptic addition cycle group through the trusted authority authentication center.
The system comprises a partial private key generation module, a trusted authority authentication center and a vehicle identification module, wherein the partial private key generation module is used for generating a pseudo identity of each vehicle according to the real identity of each vehicle through the trusted authority authentication center, generating a partial private key of each vehicle based on the pseudo identity of each vehicle, and respectively transmitting the partial private key of each vehicle to each vehicle.
The partial private key generation module specifically includes: a pseudo-identity determination submodule for determining, according to the true identity $ID_i$ of the i-th vehicle and using the formula
Figure BDA0002394189890000131
the pseudo-identity $PID_i$ of the i-th vehicle, wherein $H_1$ is a first hash function, $s_{sec}$ denotes a first random integer, $C_i = c_i P$, P denotes the generator of the elliptic curve additive cyclic group, and $c_i$ denotes a second random integer; a first hash value calculation submodule for calculating, according to the pseudo-identity $PID_i$ of the i-th vehicle and using the formula $h_{2,i} = H_2(PID_i, C_i, t_i)$, a first hash value $h_{2,i}$ of the i-th vehicle, wherein $t_i$ denotes the validity duration of the pseudo-identity $PID_i$ and $H_2$ is a second hash function; an integer element calculation submodule for calculating, according to the first hash value $h_{2,i}$ of the i-th vehicle and using the formula $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$, the integer element $l_i$, wherein q denotes the group order of the elliptic curve additive cyclic group; and a partial private key generation submodule for generating a partial private key comprising the pseudo-identity $PID_i$, the validity duration $t_i$ of the pseudo-identity $PID_i$, and the integer element $l_i$:
Figure BDA0002394189890000132
The digital signature module is used for generating a public key and a private key of the vehicle according to a part of private keys of the vehicles through each vehicle; and digitally signing the message to be sent by using the public key and the private key to obtain a single signature of the message to be sent by the vehicle, and sending the single signature to the roadside unit.
And the single signature set acquisition module is used for forming a single signature set by the received single signatures sent by the vehicles through the roadside unit.
And the fault-tolerant aggregated signature module is used for carrying out fault-tolerant aggregated signature on the single signature set through the roadside unit to obtain a fault-tolerant aggregated signature set and sending the fault-tolerant aggregated signature set to a trusted authority authentication center.
The fault-tolerant aggregated signature module specifically comprises:
the basic specification construction submodule, used for constructing a plurality of basic specifications of the uniform set according to the sequence from big to small to form a basic specification set;
the single signature number acquisition submodule, used for acquiring the number of single signatures in the single signature set and setting the number of the single signatures as an initial integer division remainder;
the first judgment submodule, used for respectively judging whether the difference value of each basic specification and the integer division remainder is within a preset range to obtain a first judgment result;
the first fault-tolerant aggregated signature submodule, used for, if the first judgment result shows that the difference value between the s-th basic specification and the integer division remainder is within the preset range, generating virtual single signatures equal in number to the difference value, obtaining a signature set to be subjected to fault-tolerant aggregation that comprises the single signatures, equal in number to the integer division remainder, in the single signature set together with those virtual single signatures, performing uniform (k, m) set construction on the signature set to be subjected to fault-tolerant aggregation by using the s-th basic specification to obtain a uniform (k, m) set of the s-th basic specification, removing the virtual single signatures in the uniform (k, m) set, and performing fault-tolerant aggregated signature on the uniform (k, m) set after removal to obtain a first aggregated signature set;
an integer division submodule, configured to divide the t-th basic specification by the integer division remainder and update the numerical values of the integer division quotient and the integer division remainder by the integer division result if the first judgment result indicates that the difference value between each basic specification and the integer division remainder is not within the preset range;
the second judgment submodule, used for judging whether the integer division quotient is 0 or not to obtain a second judgment result;
a first returning submodule, configured to increase the value of t by 1 if the second judgment result indicates that the integer division quotient is 0, and return to the step "divide the t-th basic specification by the integer division remainder, and update values of the integer division quotient and the integer division remainder by the integer division result";
the second fault-tolerant aggregated signature submodule, used for, if the second judgment result shows that the integer division quotient is not 0, performing fault-tolerant aggregated signature, by using the t-th basic specification, on the first single signatures in the single signature set whose number equals the integer division quotient multiplied by the t-th basic specification, so as to obtain a second aggregated signature set;
the third judgment submodule, used for judging whether the integer division remainder is 0 or not to obtain a third judgment result;
a second returning submodule, configured to, if the third judgment result indicates that the integer division remainder is not 0, return to the step "respectively determine whether a difference between each of the basic specifications and the integer division remainder is within a preset range, so as to obtain a first determination result";
and the fault-tolerant aggregated signature set output submodule, used for outputting the union of the first aggregated signature set and the second aggregated signature set as the fault-tolerant aggregated signature set if the third judgment result shows that the integer division remainder is 0.
And the fault-tolerant aggregated signature verification module is used for verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the trusted authority authentication center to obtain a verification result of each fault-tolerant aggregated signature.
The invention has the advantages that:
① The invention is a certificateless fault-tolerant aggregate signature scheme applied to the Internet of Vehicles scenario. The pseudo-identity of each vehicle is generated by the trusted authority authentication center, and the vehicle interacts using the pseudo-identity, which hides its real identity and so ensures both the privacy and the traceability of the vehicle. The authenticity and integrity of messages are ensured by performing fault-tolerant aggregated signature and verification on the single signatures of the messages, and the fault-tolerant aggregate signature relieves bandwidth pressure and reduces the computation overhead required for signature verification.
② Compared with an ordinary aggregated signature scheme, the fault-tolerant aggregated signature scheme is fault tolerant and has a certain ability to identify invalid single signatures. In an ordinary aggregated signature scheme, n single signatures are aggregated into one aggregated signature; if the aggregated signature fails verification, an invalid signature exists among the n single signatures, and the n single signatures are treated as unverified and rejected; if the aggregated signature verifies successfully, the n single signatures are all valid. The fault-tolerant aggregated signature improves on this: because it is composed of a plurality of aggregated signatures, verification produces a plurality of results, and these results can be used to identify invalid single signatures to a certain degree and to ensure that part of the valid signatures are verified, rather than all single signatures failing verification because of 1 or a small number of invalid single signatures.
③ Compared with the fault-tolerant aggregate signature scheme in Wang, G., Cao, Z., Dong, X., Liu, J., Improved fault-tolerant aggregate signatures, The Computer Journal 62(4), 481–489 (2019), the present invention specifically accomplishes elliptic-curve-based certificateless aggregate signature work, and the method used in that paper to construct a uniform (k, m) set is different from the one used in the present scheme. The fault-tolerant aggregate signature in that paper has the disadvantage that a single invalid signature (or possibly a small number of single signatures) can cause all the aggregate signatures in the fault-tolerant aggregate signature to be verified as invalid; the present scheme solves this disadvantage. For example, for $D = \{\sigma_1, \sigma_2, \dots, \sigma_{11}\}$ that paper gives the following uniform (3, 5) set:
$B_1 = (\sigma_5, \sigma_6, \sigma_7, \sigma_8, \sigma_9, \sigma_{10}, \sigma_{11})$,
$B_2 = (\sigma_2, \sigma_3, \sigma_4, \sigma_8, \sigma_9, \sigma_{10}, \sigma_{11})$,
$B_3 = (\sigma_1, \sigma_3, \sigma_4, \sigma_6, \sigma_7, \sigma_{10}, \sigma_{11})$,
$B_4 = (\sigma_1, \sigma_2, \sigma_4, \sigma_5, \sigma_7, \sigma_9, \sigma_{11})$,
$B_5 = (\sigma_1, \sigma_2, \sigma_3, \sigma_5, \sigma_6, \sigma_8, \sigma_{11})$.
If the single signature $\sigma_{11}$ is invalid, then all 5 aggregated signatures will be invalid (which is the disadvantage).
According to the present scheme, however, simply applying the uniform (k, m) set construction algorithm (not following the basic specifications) gives a uniform (3, 6) set in which $\sigma_{12}, \sigma_{13}, \sigma_{14}, \sigma_{15}$ are the added virtual signatures; the added virtual single signatures are then removed, as follows:
Figure BDA0002394189890000161
The 6 aggregated signatures generated in this way will not all fail verification because of a single invalid signature.
The equivalent embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts between the equivalent embodiments can be referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principle and the implementation manner of the present invention are explained by applying specific examples, the above description of the embodiments is only used to help understanding the method of the present invention and the core idea thereof, the described embodiments are only a part of the embodiments of the present invention, not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts belong to the protection scope of the present invention.

Claims (8)

1. A certificateless fault-tolerant aggregation signature method applied to the Internet of vehicles is characterized by comprising the following steps:
generating a pseudo identity of each vehicle according to the real identity of each vehicle through a trusted authority authentication center, generating a partial private key of each vehicle based on the pseudo identity of each vehicle, and respectively transmitting the partial private key of each vehicle to each vehicle;
generating, by each of the vehicles, a public key and a private key of the vehicle from a portion of the private key of the vehicle; the public key and the private key are used for carrying out digital signature on the message to be sent to obtain a single signature of the message to be sent by the vehicle, and the single signature is sent to a roadside unit;
forming a single signature set by the roadside unit from the received single signatures sent by the vehicles;
carrying out fault-tolerant aggregated signature on the single signature set through the roadside unit to obtain a fault-tolerant aggregated signature set, and sending the fault-tolerant aggregated signature set to a trusted authority authentication center;
and verifying each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set through the credible authority authentication center to obtain a verification result of each fault-tolerant aggregated signature.
2. The certificateless fault-tolerant aggregated signature method applied to the internet of vehicles according to claim 1, wherein the generating, by the trusted authority certificate authority, the pseudo identity of each vehicle according to the real identity of each vehicle and the generating of the partial private key of each vehicle based on the pseudo identity of each vehicle specifically comprises:
according to the real identity $ID_i$ of the i-th vehicle, using the formula
Figure FDA0002394189880000011
determining the pseudo-identity $PID_i$ of the i-th vehicle; wherein $H_1$ is a first hash function, $s_{sec}$ denotes a first random integer, $C_i$ denotes an element of the elliptic curve additive cyclic group, $C_i = c_i P$, P denotes the generator of the elliptic curve additive cyclic group, and $c_i$ denotes a second random integer;
according to the pseudo-identity $PID_i$ of the i-th vehicle, using the formula $h_{2,i} = H_2(PID_i, C_i, t_i)$, calculating a first hash value $h_{2,i}$ of the i-th vehicle; wherein $t_i$ denotes the validity duration of the pseudo-identity $PID_i$ and $H_2$ is a second hash function;
according to the first hash value $h_{2,i}$ of the i-th vehicle, using the formula $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$, calculating the integer element $l_i$; wherein q denotes the group order of the elliptic curve additive cyclic group;
generating a partial private key comprising the pseudo-identity $PID_i$, the validity duration $t_i$ of the pseudo-identity $PID_i$, and the integer element $l_i$:
Figure FDA0002394189880000012
3. The certificateless fault-tolerant aggregation signature method applied to the internet of vehicles according to claim 1, wherein the fault-tolerant aggregation signature is performed on the single signature set by the roadside unit to obtain a fault-tolerant aggregation signature set, and specifically comprises:
constructing a plurality of basic specifications of a uniform set according to the sequence from big to small to form a basic specification set;
acquiring the number of single signatures in a single signature set, and setting the number of the single signatures as an initial integer division remainder;
respectively judging whether the difference value of each basic specification and the integer division remainder is within a preset range to obtain a first judgment result;
if the first judgment result shows that the difference between the s-th basic specification and the integer division remainder is within the preset range, generating virtual single signatures equal in number to the difference, to obtain a signature set to be fault-tolerantly aggregated, the signature set comprising the single signatures in the single signature set, equal in number to the integer division remainder, and the virtual single signatures, equal in number to the difference; constructing a uniform (k, m) set on the signature set to be fault-tolerantly aggregated by using the s-th basic specification, to obtain a uniform (k, m) set of the s-th basic specification; removing the virtual single signatures from the uniform (k, m) set; and performing fault-tolerant aggregate signing on the uniform (k, m) set after removal, to obtain a first aggregation signature set;
if the first judgment result shows that the difference between every basic specification and the integer division remainder is outside the preset range, dividing the t-th basic specification by the integer division remainder (integer division), and updating the values of the integer division quotient and the integer division remainder with the result of the integer division;
judging whether the integer division quotient is 0, to obtain a second judgment result;
if the second judgment result shows that the integer division quotient is 0, increasing the value of t by 1, and returning to the step of "dividing the t-th basic specification by the integer division remainder, and updating the values of the integer division quotient and the integer division remainder with the result of the integer division";
if the second judgment result shows that the integer division quotient is not 0, using the t-th basic specification to perform fault-tolerant aggregate signing on the first single signatures in the single signature set, their number being equal to the integer division quotient multiplied by the t-th basic specification, to obtain a second aggregation signature set;
judging whether the integer division remainder is 0, to obtain a third judgment result;
if the third judgment result shows that the integer division remainder is not 0, returning to the step of "respectively judging whether the difference between each basic specification and the integer division remainder is within the preset range, to obtain a first judgment result";
and if the third judgment result shows that the integer division remainder is 0, outputting the union of the first aggregation signature set and the second aggregation signature set as the fault-tolerant aggregation signature set.
4. The certificateless fault-tolerant aggregated signature method applied to internet of vehicles according to claim 1, wherein the generating of the pseudo identity of each vehicle according to the real identity of each vehicle by the trusted authority certificate authority further comprises:
generating a main public key, a main private key and system parameters through the trusted authority authentication center, based on an elliptic curve additive cyclic group.
5. A certificateless fault-tolerant aggregated signature system for use in the internet of vehicles, the system comprising:
a partial private key generation module, configured to generate, through the trusted authority authentication center, a pseudo-identity of each vehicle according to the real identity of that vehicle, generate a partial private key of each vehicle based on its pseudo-identity, and transmit the partial private key of each vehicle to that vehicle;
a digital signature module, configured to generate, by each vehicle, a public key and a private key of the vehicle according to the vehicle's partial private key; digitally sign the message to be sent by using the public key and the private key, to obtain the vehicle's single signature on the message to be sent; and send the single signature to a roadside unit;
a single signature set acquisition module, configured to form, by the roadside unit, a single signature set from the received single signatures sent by the vehicles;
a fault-tolerant aggregated signature module, configured to perform, by the roadside unit, fault-tolerant aggregate signing on the single signature set to obtain a fault-tolerant aggregated signature set, and send the fault-tolerant aggregated signature set to the trusted authority authentication center;
and a fault-tolerant aggregated signature verification module, configured to verify, by the trusted authority authentication center, each fault-tolerant aggregated signature in the fault-tolerant aggregated signature set, to obtain a verification result for each fault-tolerant aggregated signature.
6. The certificateless fault-tolerant aggregated signature system applied to the internet of vehicles according to claim 5, wherein the partial private key generation module specifically comprises:
a pseudo-identity determination submodule, configured to determine, according to the real identity $ID_i$ of the i-th vehicle and using the formula
Figure FDA0002394189880000031
Figure FDA0002394189880000032
the pseudo-identity $PID_i$ of the i-th vehicle; wherein $H_1$ is a first hash function, $s_{sec}$ denotes a first random integer, $C_i$ denotes an element of the elliptic curve additive cyclic group, $C_i = c_i P$, $P$ denotes the generator of the elliptic curve additive cyclic group, and $c_i$ denotes a second random integer;
a first hash value calculation submodule, configured to calculate, according to the pseudo-identity $PID_i$ of the i-th vehicle and using the formula $h_{2,i} = H_2(PID_i, C_i, t_i)$, the first hash value $h_{2,i}$ of the i-th vehicle; wherein $t_i$ denotes the effective duration of the pseudo-identity $PID_i$, and $H_2$ is a second hash function;
an integer element calculation submodule, configured to calculate, according to the first hash value $h_{2,i}$ of the i-th vehicle and using the formula $l_i = (s_{sec} h_{2,i} + c_i) \bmod q$, the integer element $l_i$; wherein $q$ denotes the group order of the elliptic curve additive cyclic group;
a partial private key generation submodule, configured to generate the partial private key containing the pseudo-identity $PID_i$, the effective duration $t_i$ of the pseudo-identity $PID_i$, and the integer element $l_i$:
Figure FDA0002394189880000033
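The integer element of claim 6 and the consistency check it allows, as an added example (not code from the patent): assuming the main public key is $P_{pub} = s_{sec} P$, a correctly issued key satisfies $l_i P = h_{2,i} P_{pub} + C_i$. The 19-element toy curve, SHA-256 standing in for $H_2$, the constructed PID string and all function names are assumptions for illustration; the pseudo-identity formula, which this page does not reproduce, is not modelled.

```python
import hashlib
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over F_17; G generates a group of prime
# order q = 19. Demo-sized parameters (assumption), far too small for real use.
P_MOD, A, Q = 17, 2, 19
G = (5, 1)

def add(p1, p2):
    """Add two points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h2(pid, c_point, t):
    """Stand-in for H_2(PID_i, C_i, t_i), reduced into Z_q (assumption)."""
    data = f"{pid}|{c_point[0]},{c_point[1]}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def issue_partial_key(s_sec, pid, t):
    """Authority side: C_i = c_i * P and l_i = (s_sec * h_2i + c_i) mod q."""
    c = secrets.randbelow(Q - 1) + 1          # second random integer c_i
    c_point = mul(c, G)
    l = (s_sec * h2(pid, c_point, t) + c) % Q
    return {"PID": pid, "t": t, "l": l}, c_point

def check_partial_key(key, c_point, p_pub):
    """Vehicle side: accept only if l_i * P == h_2i * P_pub + C_i."""
    h = h2(key["PID"], c_point, key["t"])
    return mul(key["l"], G) == add(mul(h, p_pub), c_point)

if __name__ == "__main__":
    s_sec = 7                                  # constructed demo secret
    key, c_point = issue_partial_key(s_sec, "PID-demo-0001", 3600)
    print(check_partial_key(key, c_point, mul(s_sec, G)))
```

A key whose $l_i$ was altered in transit fails the check, because $G$ has prime order and any change to $l_i$ modulo $q$ changes $l_i P$.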
7. The certificateless fault-tolerant aggregation signature system applied to the internet of vehicles according to claim 5, wherein the fault-tolerant aggregation signature module specifically comprises:
a basic specification construction submodule, configured to construct a plurality of basic specifications of the uniform set in descending order, forming a basic specification set;
a single signature number acquisition submodule, configured to acquire the number of single signatures in the single signature set and set that number as the initial integer division remainder;
a first judgment submodule, configured to respectively judge whether the difference between each basic specification and the integer division remainder is within a preset range, to obtain a first judgment result;
a first fault-tolerant aggregation signature submodule, configured to, if the first judgment result shows that the difference between the s-th basic specification and the integer division remainder is within the preset range: generate virtual single signatures equal in number to the difference, to obtain a signature set to be fault-tolerantly aggregated, which comprises the single signatures in the single signature set, equal in number to the integer division remainder, and the virtual single signatures, equal in number to the difference; construct a uniform (k, m) set on the signature set to be fault-tolerantly aggregated by using the s-th basic specification, to obtain a uniform (k, m) set of the s-th basic specification; remove the virtual single signatures from the uniform (k, m) set; and perform fault-tolerant aggregate signing on the uniform (k, m) set after removal, to obtain a first aggregation signature set;
an integer division submodule, configured to, if the first judgment result shows that the difference between every basic specification and the integer division remainder is outside the preset range, divide the t-th basic specification by the integer division remainder (integer division), and update the values of the integer division quotient and the integer division remainder with the result of the integer division;
a second judgment submodule, configured to judge whether the integer division quotient is 0, to obtain a second judgment result;
a first returning submodule, configured to, if the second judgment result shows that the integer division quotient is 0, increase the value of t by 1 and return to the step of "dividing the t-th basic specification by the integer division remainder, and updating the values of the integer division quotient and the integer division remainder with the result of the integer division";
a second fault-tolerant aggregation signature submodule, configured to, if the second judgment result shows that the integer division quotient is not 0, use the t-th basic specification to perform fault-tolerant aggregate signing on the first single signatures in the single signature set, their number being equal to the integer division quotient multiplied by the t-th basic specification, to obtain a second aggregation signature set;
a third judgment submodule, configured to judge whether the integer division remainder is 0, to obtain a third judgment result;
a second returning submodule, configured to, if the third judgment result shows that the integer division remainder is not 0, return to the step of "respectively judging whether the difference between each basic specification and the integer division remainder is within the preset range, to obtain a first judgment result";
and a fault-tolerant aggregation signature set output submodule, configured to output the union of the first aggregation signature set and the second aggregation signature set as the fault-tolerant aggregation signature set if the third judgment result shows that the integer division remainder is 0.
8. The certificateless fault-tolerant aggregated signature system applied to the internet of vehicles according to claim 5, further comprising:
an initialization module, configured to generate a main public key, a main private key and system parameters based on an elliptic curve additive cyclic group through the trusted authority authentication center.
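The batching procedure of claims 3 and 7, sketched as an added example (not code from the patent) that only plans which single signatures go into which uniform (k, m) set; the set construction and the signing itself are not modelled. Assumptions: the division step is read as the current remainder divided by the t-th basic specification (the reading under which a quotient of 0 moves on to the next, smaller specification), the preset range is 0 to `max_pad` inclusive, the specification needing the fewest virtual signatures is chosen, and all names and sizes are hypothetical.

```python
def plan_batches(sig_ids, specs, max_pad):
    """Split single signatures into batches sized by the basic specifications.

    Returns a list of dicts: the specification used, the real single
    signatures placed in the batch, and how many virtual (dummy) single
    signatures pad it before the uniform (k, m) set is constructed.
    """
    specs = sorted(set(specs), reverse=True)   # descending, as in the claims
    remainder = len(sig_ids)                   # initial integer division remainder
    t, pos, batches = 0, 0, []
    while remainder > 0:                       # third judgment: stop at remainder 0
        # First judgment: a specification at most max_pad above the remainder?
        fit = [s for s in specs if 0 <= s - remainder <= max_pad]
        if fit:
            spec = min(fit)                    # fewest virtual signatures (assumption)
            batches.append({"spec": spec, "real": sig_ids[pos:],
                            "dummies": spec - remainder})
            remainder = 0
            continue
        # Second judgment: a quotient of 0 means the specification is too
        # large for what is left, so move on to the next smaller one.
        while t < len(specs) and remainder // specs[t] == 0:
            t += 1
        if t == len(specs):
            raise ValueError(
                f"{remainder} signatures left: fewer than the smallest "
                "specification and outside the padding range")
        quotient, remainder = divmod(remainder, specs[t])
        for _ in range(quotient):              # full batches, no padding
            batches.append({"spec": specs[t],
                            "real": sig_ids[pos:pos + specs[t]],
                            "dummies": 0})
            pos += specs[t]
    return batches

if __name__ == "__main__":
    # Constructed input: 19 signature ids, specifications 64/16/4, pad up to 1.
    for batch in plan_batches(list(range(19)), [64, 16, 4], max_pad=1):
        print(batch["spec"], len(batch["real"]), batch["dummies"])
```

The `ValueError` branch marks a parameter choice under which the loop in the claims would run out of specifications; widening the preset range or adding a smaller specification avoids it.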
CN202010125186.9A 2020-02-27 2020-02-27 Certificateless fault-tolerant aggregation signature method and system applied to Internet of vehicles Active CN111371560B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010125186.9A CN111371560B (en) 2020-02-27 2020-02-27 Certificateless fault-tolerant aggregation signature method and system applied to Internet of vehicles

Publications (2)

Publication Number Publication Date
CN111371560A (en) 2020-07-03
CN111371560B (en) 2021-03-30

Family

ID=71210133

Country Status (1)

Country Link
CN (1) CN111371560B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant